Change8

v1.34.11

📦 envoy
🐛 3 fixes

Summary

This patch release focuses entirely on critical security fixes, addressing three distinct CVEs related to JWT authentication, TLS certificate matching, and request smuggling.

🐛 Bug Fixes

  • Security fix for Envoy crash when JWT authentication is configured with remote JWKS fetching ([CVE-2025-64527]).
  • Security fix for the TLS certificate matcher (`match_typed_subject_alt_names`) incorrectly handling certificates with an embedded null byte ([CVE-2025-66220]).
  • Security fix addressing potential request smuggling from early data after the CONNECT upgrade ([CVE-2025-64763]).